mbs-backend¶
This page documents the usage of mb-mbs-backend crd.
Description¶
The backend of the module-build-service
Parameters¶
Name | Default Value | Type |
---|---|---|
image | quay.io/fedora/mbs-backend:latest | string |
replicas | 1 | int |
hub_username | mbs | string |
cacert_secret | mbs-ca-cert | string |
client_cert_secret | mbs-client-cert | string |
postgres_secret | postgres | string |
mbs_configmap | mbs-configmap | string |
fedora_versions | [‘32’] | [string] |
hub_host | ‘koji-hub:8443’ | string |
messaging_system | ‘fedmsg’ | string |
topic_prefix | ‘org.fedoraproject.dev’ | string |
scm_url | ‘git+https://src.fedoraproject.org/modules/’ | string |
rpms_default_repository | ‘git+https://src.fedoraproject.org/rpms/’ | string |
rpms_default_cache | ‘https://src.fedoraproject.org/repo/pkgs/’ | string |
modules_default_repository | ‘git+https://src.fedoraproject.org/modules/’ | string |
pdc_url | ‘https://pdc.stg.fedoraproject.org/rest_api/v1’ | string |
oidc_required_scope | ‘https://mbs.fedoraproject.org/oidc/submit-build’ | string |
shared_pvc | koji-hub-mnt-pvc | string |
mbox | “” | string |
image¶
The the full qualified image name to pull mbs-backend from.
replicas¶
The amount of mbs-backend replicas to deploy.
hub_username¶
User to use when authenticating with koji-hub.
cacert_secret¶
The root CA secret name to use.
If not provided it uses the one generated (self-signed).
client_cert_secret¶
The client secret name to use or create.
It will skip its creation (self signed) if one is already present.
It needs to be created and signed using the root CA certificate and private key.
Secret format:
apiVersion: v1
kind: Secret
metadata:
name: myservice
namespace: default
labels:
app: koji-builder
type: kubernetes.io/tls
data:
tls.crt: -|
fillme
tls.key: -|
fillme
tls.pem: -|
This is a combination of tls.key and tls.crt separated by '\n' and encoded in base64
Example: "{{ (lookup('file', 'client_key.pem') + '\n' + lookup('file', 'client_cert.pem')) | b64encode }}"
postgres_secret¶
Postgresql secret used by MBS to connect to a psql instance.
Deployment will fail if this secret is not present.
Secret format:
apiVersion: v1
kind: Secret
metadata:
name: postgres
labels:
app: postgres
data:
POSTGRES_HOST: fillme
POSTGRES_DB: fillme
POSTGRES_USER: fillme
POSTGRES_PASSWORD: fillme
configmap¶
The configmap name to use when deploying configuration shared between mbs-frontend and mbs-backend component.
This configmap contains configuration files that are shared between mbs-frontend and mbs-backend.
fedora_versions¶
The versions of the Fedora we need to generate module template for.
messaging_system¶
Messaging system to use when sending messages. Support for fedora messaging is not available in MBS for now.
topic_prefix¶
Prefix of the topic for messaging system.
config_scm_url¶
Source Code Management git URL for modules, should contain repositories for modules builds definitions.
rpms_default_repository¶
Default repository git URL for RPMS.
rpms_default_cache¶
Default cache URL for RPMS.
modules_default_repository¶
Default repository git URL for modules.
pdc_url¶
Product Definition Center URL.
oidc_required_scope¶
OIDC required scope URL.
mbox¶
A Mbox resource name to retrieve shared data from (pvc volume, shared certs and shared MBS configmap).
MBS Backend will use the following vars if this property is missing:
- shared_pvc (shared koji mnt volume)
- cacert_secret (root ca secret)
- postgres_secret (PSQL secret)
- configmap (shared configmap name)
- fedora_versions (versions of fedora for module templates)
- hub_host (Koji host URL)
- messaging_system (messaging system to use)
- topic_prefix (topic prefix for messaging system)
- scm_url (URL for SCM)
- rpms_default_repository (default URL for RPMS repositories)
- rpms_default_cache (default cache URL)
- modules_default_repository (default URL for modules repositories)
- pdc_url (URL for PDC)
- oidc_required_scope (OIDC required scope URL)
Usage¶
Upstream file can be found here
Create a file mbmbsbackend-cr.yaml containing the following content (modify as needed):
apiVersion: apps.fedoraproject.org/v1alpha1
kind: MBMbsBackend
metadata:
name: example-mb-mbs-backend
spec:
replicas: 1
image: quay.io/fedora/mbs-backend:latest
hub_username: mbs
cacert_secret: koji-hub-ca-cert
client_cert_secret: mbs-client-cert
postgres_secret: postgres
configmap: mbs-configmap
fedora_versions: ['32']
hub_host: 'koji-hub:8443'
messaging_system: 'fedmsg'
topic_prefix: 'org.fedoraproject.dev'
scm_url: 'git+https://src.fedoraproject.org/modules/'
rpms_default_repository: 'git+https://src.fedoraproject.org/rpms/'
rpms_default_cache: 'https://src.fedoraproject.org/repo/pkgs/'
modules_default_repository: 'git+https://src.fedoraproject.org/modules/'
pdc_url: 'https://pdc.stg.fedoraproject.org/rest_api/v1'
oidc_required_scope: 'https://mbs.fedoraproject.org/oidc/submit-build'
shared_pvc: 'koji-hub-mnt-pvc'
# mbox: example-mbox #uncomment to retrieve pvc and cert config from a mbox cr
Run the following command to create a mbs-backend resource:
kubectl apply -f mbmbsbackend-cr.yaml
You can check its status by running:
kubectl get mbmbsbackend/example -o yaml